When using SSR framework like NextJS, in order to render protected data server side, you must establish a JWT or session on initial login. Subsequent requests will then grab user from session and get protected data. Google Firebase Auth lets you get their Auth token, pass it to server, and validate server side, allowing you to create a session via third party Auth service.
Not sure how this would work with Stitch. Is it possible to render protected data on the server on initial load? If not, it would get rid of a lot of the benefits of SSR apps.
Example of NextJS + Firebase auth: https://github.com/zeit/next.js/blob/master/examples/with-firebase-authentication/server.js